Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fileinfo does not recognize ordinal numbers of some delayed imports #282

Closed
s3rvac opened this issue Apr 25, 2018 · 1 comment
Closed

fileinfo does not recognize ordinal numbers of some delayed imports #282

s3rvac opened this issue Apr 25, 2018 · 1 comment
Assignees
@ladislav-zezula
Labels
bug C-fileinfo P-output T-format-pe

Comments

@s3rvac
Copy link
Member

s3rvac commented Apr 25, 2018
edited
Loading

fileinfo is unable to recognize ordinal numbers of some delayed imports in PE files.

Input

Run

$ retdec-fileinfo -v FILE

where FILE is

  • C200FBAF67E5DCA8633415FC1216BF3CF75C600DE7E922CA74113B70852D0A85
  • CB203F39DC633F086AD9578F463B631C4C9F5B51A3010A9770E9F2DBCD58482A
  • F7D3A288054712A571A20483B88D4604A4E94787AEF1433C681AC83824679B94
  • 06FFCA20624E5571F71F54E80AA470A0E23171A2BDB2ED2B0FE706A42BA754B9

Output

Import table
------------
Number of imports: 330
...

i     name                                    libName             ordNum     address
----------------------------------------------------------------------------------------
...
254                                           msi.dll                        0x441922
255                                           msi.dll                        0x441918
256                                           msi.dll                        0x44190e
257                                           msi.dll                        0x44192c
258                                           msi.dll                        0x4418fa
259                                           msi.dll                        0x4418f0
260                                           msi.dll                        0x4418e6
261                                           msi.dll                        0x441936
262                                           msi.dll                        0x441940
263                                           msi.dll                        0x44194a
264                                           msi.dll                        0x441954
265                                           msi.dll                        0x44195e
266                                           msi.dll                        0x44197c
267                                           msi.dll                        0x441972
268                                           msi.dll                        0x441968
269                                           msi.dll                        0x441904
270                                           msi.dll                        0x42f15f
271                                           msi.dll                        0x42f155
272                                           msi.dll                        0x42f14b
273                                           msi.dll                        0x42f141
274                                           msi.dll                        0x42f126
...

As you can see, there are no names or ordinal numbers for the above imports.

Expected output

pefile is able to recognize ordinal numbers for the above imports:

[IMAGE_DELAY_IMPORT_DESCRIPTOR]
0x49D04    0x0   grAttrs:                       0x1
0x49D08    0x4   szName:                        0x424A0
0x49D0C    0x8   phmod:                         0x4EAA0
0x49D10    0xC   pIAT:                          0x4EA48
0x49D14    0x10  pINT:                          0x4AA8C
0x49D18    0x14  pBoundIAT:                     0x4AF1C
0x49D1C    0x18  pUnloadIAT:                    0x0
0x49D20    0x1C  dwTimeStamp:                   0x0        [Thu Jan  1 00:00:00 1970 UTC]

msi.dll Ordinal[32] (Imported by Ordinal) Bound: 0x00441922
msi.dll Ordinal[186] (Imported by Ordinal) Bound: 0x00441918
msi.dll Ordinal[171] (Imported by Ordinal) Bound: 0x0044190E
msi.dll Ordinal[159] (Imported by Ordinal) Bound: 0x0044192C
msi.dll Ordinal[24] (Imported by Ordinal) Bound: 0x004418FA
msi.dll Ordinal[92] (Imported by Ordinal) Bound: 0x004418F0
msi.dll Ordinal[205] (Imported by Ordinal) Bound: 0x004418E6
msi.dll Ordinal[160] (Imported by Ordinal) Bound: 0x00441936
msi.dll Ordinal[17] (Imported by Ordinal) Bound: 0x00441940
msi.dll Ordinal[125] (Imported by Ordinal) Bound: 0x0044194A
msi.dll Ordinal[20] (Imported by Ordinal) Bound: 0x00441954
msi.dll Ordinal[141] (Imported by Ordinal) Bound: 0x0044195E
msi.dll Ordinal[90] (Imported by Ordinal) Bound: 0x0044197C
msi.dll Ordinal[67] (Imported by Ordinal) Bound: 0x00441972
msi.dll Ordinal[118] (Imported by Ordinal) Bound: 0x00441968
msi.dll Ordinal[48] (Imported by Ordinal) Bound: 0x00441904
msi.dll Ordinal[8] (Imported by Ordinal) Bound: 0x0042F15F
msi.dll Ordinal[204] (Imported by Ordinal) Bound: 0x0042F155
msi.dll Ordinal[113] (Imported by Ordinal) Bound: 0x0042F14B
msi.dll Ordinal[16] (Imported by Ordinal) Bound: 0x0042F141
msi.dll Ordinal[70] (Imported by Ordinal) Bound: 0x0042F126

We should be able to do the same.

Configuration

  • Commit: 1647e9f (current master)
  • 64b Arch Linux, GCC 7.3.1, Debug build of RetDec
@s3rvac s3rvac mentioned this issue Apr 25, 2018
Closed
@ladislav-zezula
Copy link
Contributor

Fixed in commit:
ba7787d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ladislav-zezula ladislav-zezula

Labels
bug C-fileinfo P-output T-format-pe
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ladislav-zezula @s3rvac